I have reviewed the document draft-ietf-intarea-rfc8335bis and found it very complete, comprehensive, well written, and a potentially very useful operational option. I support publication of this document.
A few notes, feel free to adjust or ignore:

I know what you're going for here, but I found this a bit hard to digest. I had to read it a few times.

`The probed interface can reside on or directly connect to the proxy node.`

Maybe

`The probed interface can reside on or be directly connected to the proxy node.`

Section 9. Suggest extending the section

```
PROBE must not leak information about one Virtual Private Network
(VPN) into another. Therefore, when a node receives an ICMP Extended
Echo Request and the proxy interface is in a different VPN than the
probed interface, the node MUST return an ICMP Extended Echo Reply
with error code equal to (2) No Such Interface.
```

to include virtual systems / vsys / logical systems and perhaps containerization where a given software based, logical separation may require different security postures. Perhaps

```
PROBE must not leak information about one Virtual Private Network
(VPN), logical system, or other software partitioned interface or set
of interfaces into another. Therefore, when a node receives an ICMP
Extended Echo Request and the proxy interface is in a different VPN
than the probed interface, the node MUST return an ICMP Extended Echo
Reply with error code equal to (2) No Such Interface.
```

nb
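An added example, not part of the original message or of the draft: a model of the quoted Section 9 rule with the partition notion widened as the review suggests, showing that a probe across a partition boundary gets the same reply as a probe for an interface that does not exist. The `Interface` and `Reply` types, the `partition` label, the interface table and the use of code 0 for "No Error" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict

NO_ERROR = 0            # assumption: code 0 means "No Error", as in RFC 8335
NO_SUCH_INTERFACE = 2   # code named in the quoted Section 9 text


@dataclass(frozen=True)
class Interface:
    name: str
    partition: str  # hypothetical label: a VPN, logical system, container namespace
    active: bool


@dataclass(frozen=True)
class Reply:
    code: int
    active: bool    # state reported only when code is NO_ERROR


# Constructed sample table, not taken from any real device.
TABLE: Dict[str, Interface] = {
    i.name: i
    for i in (
        Interface("eth0", "vpn-red", True),
        Interface("eth1", "vpn-red", False),
        Interface("eth2", "vpn-blue", True),
        Interface("veth0", "lsys-2", True),
    )
}


def probe(proxy_if: str, probed_if: str, table: Dict[str, Interface] = TABLE) -> Reply:
    """Answer a probe that arrived on proxy_if and asks about probed_if."""
    proxy = table[proxy_if]
    probed = table.get(probed_if)
    # An interface in another partition is treated exactly like a missing one,
    # and no state is reported, so the reply cannot confirm that it exists.
    if probed is None or probed.partition != proxy.partition:
        return Reply(NO_SUCH_INTERFACE, False)
    return Reply(NO_ERROR, probed.active)


if __name__ == "__main__":
    for target in ("eth1", "eth2", "veth0", "missing0"):
        print(target, probe("eth0", target))
```
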
